Yahoo fixes Critical Remote Command Execution vulnerability

Yahoo fixes Critical Remote Command Execution vulnerability

Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability.

Last week, He reported the flaw to Yahoo Security Team and also tip-off them of more threat. Interesting fact, Yahoo has fixed the flaw within a day after he reported.

Server kernel was an old one with a well known “Local Privilage Esclation” vulnerability, which means an attacker with such vulnerability can gain ROOT ACCESS to the server!!!!

Just a few days back, Facebook has also paid out its largest Bug Bounty ever of $33,500 to a Brazilian security researcher for discovering and reporting a critical Remote code execution vulnerability, which potentially allows the full control of a server.